EAP-TLS UNAUTH
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Mon Oct 19 15:44:58 CEST 2015
Just for fun, there's now a toggle 'require_client_cert' for EAP-TLS too in v3.1.x.
https://github.com/FreeRADIUS/freeradius-server/blob/v3.1.x/raddb/mods-available/eap#L546
RFC5216
The certificate_request message is included when the server desires
the peer to authenticate itself via public key. While the EAP server
SHOULD require peer authentication, this is not mandatory, since
there are circumstances in which peer authentication will not be
needed (e.g., emergency services, as described in [UNAUTH]), or where
the peer will authenticate via some other means.
This should allow EAP-TLS to be run in a similar fashion to https to allow access to support networks.
Be interesting to hear people's experiences with it.
-Arran
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20151019/c6fedb41/attachment.sig>
More information about the Freeradius-Users
mailing list